False +ve on phoenix.untd.com and cyclops.untd.com

Juno and Netzero users are complaining about getting trojan alerts for phoenix.untd.com and cyclops.untd.com.

Can you please look into this and remove these false +ves?

Regards,

are you the site owner?

Yes, I work for untd.com.

Also, can you please confirm which version introduced these URLs?

trying to access those sites from an iPad… they seem to be empty / taken down?

These are internal URLs for our webmail site and those need additional parameters.

Going to webmail.juno.com will generate requests for these two domains.

do they get the same message as reported here? http://forum.avast.com/index.php?topic=134059.0

if you think this warning is wrong…
You can report FP to avast lab here: http://www.avast.com/contact-form.php
you may add a link to this topic in case they reply here

Hello,
I don’t see any detection – post a screenshot of the avast! alert window and the IP addresses the URLs translate to for you, please.

Milos

I haven’t received any screenshots from members yet, only complaints.

Yes, it has to be related to Ads and similar to http://forum.avast.com/index.php?topic=134059.0.

One such complaint is “My antivirus application (Avast) is reporting the trojan HTML:HideMe-D every time I load the page that lists my email.”.

Yes, the sites are being blocked by various extensions, for instance blocked in Google Chrome.
See here: http://www.whatrunswhere.com/domainPreview.php?domain=cyclops.untd.com
The website Cyclops.Prod.Untd.com contains tracking cookies as well as pop-ups that can attempt to install other malicious items on your computer, such as Trojans. Fortunately, you can prevent Cyclops.Prod.Untd.com from loading altogether by blocking the website with your computer’s registry.

polonus

Scanned IP against 111 blacklists, all came up OK! Congratulations… 64.136.44.18
D

Loopscan results with quite some issues:
;; Truncated, retrying in TCP mode.
untd.com. 600 IN TXT "spf2.0/pra ip4:64.136.0.0/20 ip4:64.136.16.0/21 ip4:64.136.22.0/24 ip4:64.136.28.0/22 ip4:64.136.30.0/24 ip4:64.136.32.0/20 ip4:64.136.50.0/23 ip4:64.136.52.0/22 ?all"
untd.com. 600 IN TXT "v=spf1 ip4:64.136.0.0/20 ip4:64.136.16.0/21 ip4:64.136.22.0/24 ip4:64.136.28.0/22 ip4:64.136.30.0/24 ip4:64.136.32.0/20 ip4:64.136.50.0/23 ip4:64.136.52.0/22 ?all"
untd.com. 600 IN MX 10 mx.dca.untd.com.
untd.com. 600 IN MX 10 mx.vgs.untd.com.
untd.com. 600 IN A 64.136.53.45
untd.com. 600 IN A 64.136.45.45
untd.com. 600 IN SOA authns.vgs.untd.com. hostmaster.noc.untd.com. (
    2013022102 ; serial
    3600       ; refresh (1 hour)
    300        ; retry (5 minutes)
    864000     ; expire (1 week 3 days)
    600        ; minimum (10 minutes)
)
untd.com. 600 IN NS authns.iad.untd.com.
untd.com. 600 IN NS authns.dca.untd.com.
untd.com. 600 IN NS authns.vgs.untd.com.

Authoritative name servers
DNS Server TTL IPv4 address IPv4 glue IPv6 address Serial no. Query time
d.root-servers.net 518400 6d 199.7.91.13 not authoritative
e.root-servers.net 518400 6d 192.203.230.10 not authoritative
f.root-servers.net 518400 6d 192.5.5.241 not authoritative
g.root-servers.net 518400 6d 192.112.36.4 not authoritative
h.root-servers.net 518400 6d 128.63.2.53 not authoritative
i.root-servers.net 518400 6d 192.36.148.17 not authoritative
j.root-servers.net 518400 6d 192.58.128.30 not authoritative
k.root-servers.net 518400 6d 193.0.14.129 not authoritative
l.root-servers.net 518400 6d 199.7.83.42 not authoritative
m.root-servers.net 518400 6d 202.12.27.33 not authoritative
a.root-servers.net 518400 6d 198.41.0.4 not authoritative
b.root-servers.net 518400 6d 192.228.79.201 not authoritative
c.root-servers.net 518400 6d 192.33.4.12 not authoritative

Authoritative name servers info
DNS Server IPv4 address BGP Prefix ASN Country Code Registry Date Alocated
d.root-servers.net 199.7.91.13 199.7.91.0/24 27 US arin 2007-12-07
e.root-servers.net 192.203.230.10 192.203.230.0/24 42 297 US arin 1992-11-18
f.root-servers.net 192.5.5.241 192.5.4.0/23 3557 US arin 1984-03-12
g.root-servers.net 192.112.36.4 192.112.36.0/24 5927 US arin 1991-06-26
h.root-servers.net 128.63.2.53 128.63.2.0/24 13 US arin 1985-03-12
i.root-servers.net 192.36.148.17 192.36.148.0/24 29216 SE ripencc 2000-03-17
j.root-servers.net 192.58.128.30 192.58.128.0/24 26415 36618 36626 36632 US arin 2000-11-30
k.root-servers.net 193.0.14.129 193.0.14.0/24 25152 NL ripencc 1993-09-01
l.root-servers.net 199.7.83.42 199.7.83.0/24 20144 US arin 2006-02-06
m.root-servers.net 202.12.27.33 202.12.27.0/24 7500 JP apnic 1997-03-04
a.root-servers.net 198.41.0.4 198.41.0.0/24 26415 36619 36620 US arin 1993-01-04
b.root-servers.net 192.228.79.201 192.228.79.0/24 4 US arin 2003-05-01
c.root-servers.net 192.33.4.12 192.33.4.0/24 2149 US arin 1987-10-22

SOA record ( )
mname (master name) rname (responsible name) serial refresh retry expire minimum

NS records from ( )
Domain name TTL NS

MX records from ( )
Domain name TTL MX records IPv4 address
NO MX RECORDS FOUND.

A records from ( )
Domain name TTL IPv4 address
NOT FOUND

AAAA records from ( )
Domain name TTL IPv4 address
NOT FOUND

SRV records from ( )
Domain name TTL pri weight target IPv4 address IPv6 address
NOT FOUND

List of Performed Tests
Test name Test details Status Indicator
DNS Servers response All name servers for this domain name respond to DNS queries. PASS
Zone serial numbers All name servers for this domain name respond with same serial ( ). PASS
Authority of name servers Some name servers listed at parent servers don’t respond as authoritative for this domain name. (d.root-servers.net, e.root-servers.net, f.root-servers.net, g.root-servers.net, h.root-servers.net, i.root-servers.net, j.root-servers.net, k.root-servers.net, l.root-servers.net, m.root-servers.net, a.root-servers.net, b.root-servers.net, c.root-servers.net) ERROR

Required glue records All required glue records on parent server exist. PASS
Glue records match All glue records and A records match. PASS
Existance of NS records All NS records don’t exist in the domain name zone. ERROR
NS records match NS records from parent server and authoritative name server match. PASS
Recursive queries All name servers for this domain name don’t respond to recursive queries. PASS
Public zone transfer (AXFR) All name servers for this domain name don’t respond to AXFR queries. PASS
Name servers on public IP All name servers for this domain name are on public IP addresses. PASS
Number of name servers This domain has more than 7 name servers thus UDP packets with DNS responses can easily overdraw the limit of 512 bytes and this communication must be repeated using TCP protocol. This error is not relevant for root zone and top level domain names (TLDs) (13). WARNING
TTL values on parent server All TTL values on parent server match. PASS
TTL values on authoritative server All TTL values in authoritative records match. PASS
Reverse records of name servers Reverse records of DNS servers match with their IP addresses PASS
NS in different AS NS at least in 2 different autonomous systems thus their availability is not dependent on one network. PASS
NS in different subnets NS at least in 2 different subnets. PASS
Different IPv4 addresses of NS Name servers have different IP addresses. PASS
Server from SOA MNAME as NS record Primary name server ( ) from SOA MNAME entry is not listed as primary NS at your parent NS. WARNING
MNAME entry check SOA MNAME entry is missing dot at the end and that is not syntactically valid. ( ) ERROR
MNAME in SOA from all NS All DNS servers return the same MNAME value in SOA record. ( ) PASS
RNAME entry check SOA RNAME entry is not syntactically valid. ( ) ERROR
Format of serial number The serial number of the zone hasn’t got recommended syntax YYYYMMDDnn. ( ) WARNING
SOA REFRESH value check SOA REFRESH value ( =) is not within recommended range 20 minutes to 12 hours. WARNING
SOA RETRY value check SOA RETRY value ( =) is not within recommended range 15 minutes to SOA REFRESH ( =). WARNING
SOA EXPIRE value check SOA EXPIRE value ( =) is not within recommended range 14 to 31 days. WARNING
SOA MINIMUM value check SOA MINIMUM value ( =) is not within recommended range 1 to 3 hours. WARNING
No MX records found MX records missing at your name servers. ERROR
Domain AAAA records Domain A records and AAAA records missing at your name servers. WARNING
No WWW records found WWW records missing at your name servers. WARNING
SRV SIP records check No SRV records detected. No further tests performed. INFO
DNSKEY records check No DNSKEY records detected. No further tests performed. INFO
Scanning took 45.417 seconds.

polonus
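As an added illustration (not code from the thread, from Loopscan, or from untd.com): the SPF record quoted in the zone output above, checked against the IP from the blacklist lookup and the zone's A records, and the SOA timers from the same output measured against the recommended ranges Loopscan lists. Only values quoted in this thread are used; the addresses outside the SPF ranges are constructed test inputs.

```python
import ipaddress
import re

# The v=spf1 TXT record for untd.com exactly as quoted in the zone output above.
UNTD_SPF = ("v=spf1 ip4:64.136.0.0/20 ip4:64.136.16.0/21 ip4:64.136.22.0/24 "
            "ip4:64.136.28.0/22 ip4:64.136.30.0/24 ip4:64.136.32.0/20 "
            "ip4:64.136.50.0/23 ip4:64.136.52.0/22 ?all")

def spf_networks(record):
    """Return the ip4:/ip6: networks listed in an SPF record, in record order."""
    nets = []
    for term in record.split():
        m = re.fullmatch(r"[+\-~?]?ip[46]:(.+)", term)
        if m:
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
    return nets

def spf_default_qualifier(record):
    """Qualifier on the trailing 'all': '+' pass, '-' fail, '~' softfail, '?' neutral."""
    for term in record.split():
        m = re.fullmatch(r"([+\-~?]?)all", term)
        if m:
            return m.group(1) or "+"
    return "?"  # no 'all' mechanism at all: the default result is neutral

def spf_check(record, ip):
    """'pass' if ip is inside a listed network, else the result implied by 'all'."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in spf_networks(record)):
        return "pass"
    return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[spf_default_qualifier(record)]

# Recommended SOA timer ranges (seconds) as stated in the Loopscan test list above.
SOA_RANGES = {"refresh": (20 * 60, 12 * 3600),
              "expire": (14 * 86400, 31 * 86400),
              "minimum": (3600, 3 * 3600)}

def soa_timer_warnings(refresh, retry, expire, minimum):
    """Names of SOA timers that fall outside the recommended ranges, sorted."""
    values = {"refresh": refresh, "expire": expire, "minimum": minimum}
    bad = [k for k, v in values.items() if not SOA_RANGES[k][0] <= v <= SOA_RANGES[k][1]]
    if not 15 * 60 <= retry <= refresh:  # RETRY is expected between 15 minutes and REFRESH
        bad.append("retry")
    return sorted(bad)

if __name__ == "__main__":
    # 64.136.44.18 is the IP from the blacklist check; the SOA timers are the zone's own.
    print(spf_check(UNTD_SPF, "64.136.44.18"), spf_default_qualifier(UNTD_SPF))
    print(soa_timer_warnings(3600, 300, 864000, 600))
```

The zone's own SOA values (refresh 3600, retry 300, expire 864000, minimum 600) trip three of the four timer checks, which matches the WARNING rows in the scan even though the scan's printout left the values blank.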